Compliance benchmarks display score cards that help you proactively detect compliance problems in vRealize Operations. The compliance benchmarks are measured against a set of standard rules, regulatory best practices, or custom alert definitions.

How Compliance Benchmarks Work

All the compliance standards in vRealize Operations, including any standards that you define, are based on alert definitions. Only alert definitions of the Compliance subtype are counted. Custom score cards can monitor user-defined alerts.

In previous releases of vRealize Operations, you had to modify the current default policy to monitor compliance against a set of standard rules, regulatory best practices, or custom alert definitions. In the current release, you can manage all compliance-related tasks from the Optimize > Compliance page. When you configure a benchmark, you select an applicable policy. vRealize Operations then enables the appropriate alert definitions in the policy to measure compliance.

The compliance assessment is based on the environment where your objects are deployed. You can monitor objects that are deployed in your VMware Self-Managed Cloud (SDDC) environment, including DC and Edge environments, your VMware Managed Cloud (VMC SDDC) environment, VMware Cloud on Dell EMC SDDC, and your Azure VMware Solution and Google Cloud VMware Engine Private Cloud environments.

Compliance benchmarks on VMware Cloud on AWS, VMware Cloud on Dell EMC, Azure VMware Solution, and Google Cloud VMware Engine apply only to customer VMs that you have deployed in the respective data centers.

vRealize Operations Compliance Benchmark Types

VMware SDDC and Private Cloud Benchmarks
Displays score cards based on alerts that are measured against the latest hardening guides:
  • vSphere Security Configuration Guide
  • vSAN Security Configuration Guide
  • NSX Security Configuration Guide
Displays benchmarks for and in the SDDC and other tabs.
Note: The vSphere 6.7 Update 1 Security Configuration Guide no longer contains risk profiles. For more information, see blogs.vmware.com.
Note: The vRealize Operations vSphere Compliance pack is upgraded to support the latest vSphere Security Configuration Guide. For details of the conditions that allow automated compliance assessment and the list of controls that can be used to perform manual checks based on the VMware vSphere 7 Security Configuration Guide, see KB 88721.
Custom Benchmarks
Displays benchmarks that you define. Use compliance alerts from vSphere and regulatory management packs, or define your own alerts to monitor. You can define up to five custom score cards. You can import custom score cards from other instances of vRealize Operations.
Regulatory Benchmarks
Displays benchmarks for industry standard regulatory compliance requirements. You can install compliance packs for the following regulatory standards:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS) compliance standards
  • CIS Security Standards
  • Defense Information Systems Agency (DISA) Security Standards
  • Federal Information Security Management Act (FISMA) Security Standards
  • International Organization for Standardization (ISO) Security Standards
For instructions on installing these compliance packs, see Install a Regulatory Benchmark.